def main():
# Don't support the legacy api.
sys.modules["__main__"].IDAPYTHON_COMPAT_695_API = False
import idc
kordesii.setup_logging()
try:
Pyro4.config.SERVERTYPE = "multiplex"
Pyro4.config.FLAME_ENABLED = "True"
Pyro4.config.SERIALIZERS_ACCEPTED = {"dill"}
logger.debug("Starting daemon...")
daemon = Pyro4.Daemon(host="localhost")
warnings.simplefilter("ignore")
uri = _register(daemon)
logger.info("Listening on {}".format(uri))
# Send port back to the client.
_send_result(uri.port)
# Start listener
idc.auto_wait()
daemon.requestLoop(loopCondition=lambda: not daemon_stop.is_set())
if _close_ida:
idc.qexit(0)
except Exception as e:
# Send exception back to the client, so they can raise it outside of IDA.
_send_result(e)
def main():
"""
Initialize rpyc connection.
"""
# Don't compress to improve speed.
rpyc.core.channel.Channel.COMPRESSION_LEVEL = 0
# Importing idc here so we can still import the server externally.
import idc
if not idc.ARGV[1:]:
raise RuntimeError(f"No connection parameter provided.")
if sys.platform == "win32":
pipe_name = idc.ARGV[1]
stream = NamedPipeStream.create_server(pipe_name)
with rpyc.classic.connect_stream(stream) as srv:
srv.serve_all()
else:
socket_path = idc.ARGV[1]
server = OneShotServer(SlaveService,
socket_path=socket_path,
auto_register=False)
server.start()
idc.qexit(0)
def log_pp_guids():
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
analyser.get_protocols()
analyser.get_prot_names()
data = {}
data['module_name'] = idaapi.get_root_filename()
data['protocols'] = []
for protocol_record in analyser.Protocols['all']:
if (protocol_record['protocol_name'] == 'ProprietaryProtocol'):
guid = get_guid_str(protocol_record['guid'])
service = protocol_record['service']
address = '{addr:#x}'.format(addr=protocol_record['address'])
data['protocols'].append({
'guid': guid,
'service': service,
'address': address
})
logs_dir = os.path.join(tempfile.gettempdir(), 'uefi-retool-pp-guids')
if not os.path.isdir(logs_dir):
os.mkdir(logs_dir)
log_fname = os.path.join(
logs_dir, '{}.json'.format(
binascii.hexlify(ida_nalt.retrieve_input_file_md5()).decode()))
with open(log_fname, 'w') as f:
json.dump(data, f, indent=4)
idc.qexit(0)
def log_pp_guids():
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
analyser.get_protocols()
analyser.get_prot_names()
data = dict()
data["module_name"] = idaapi.get_root_filename()
data["protocols"] = list()
for protocol_record in analyser.Protocols["all"]:
if protocol_record["protocol_name"] == "ProprietaryProtocol":
guid = get_guid_str(protocol_record["guid"])
service = protocol_record["service"]
addr = protocol_record["address"]
address = f"{addr:#x}"
data["protocols"].append({
"guid": guid,
"service": service,
"address": address
})
logs_dir = os.path.join(tempfile.gettempdir(), "uefi-retool-pp-guids")
if not os.path.isdir(logs_dir):
os.mkdir(logs_dir)
log_fname = f"{binascii.hexlify(ida_nalt.retrieve_input_file_md5()).decode()}.json"
log_fpath = os.path.join(logs_dir, log_fname)
with open(log_fpath, "w") as f:
json.dump(data, f, indent=2)
idc.qexit(0)
def main():
while True:
cmnd = recv_from_pipe()
if cmnd == IDA_ERROR:
break
elif cmnd == UNKOWN_CMND:
send_in_pipe(END)
break
elif type(cmnd) == tuple:
command = cmnd[0]
if len(cmnd) == 1:
if command == START:
logger.info("Received START...")
if send_in_pipe(START) == IDA_ERROR:
break
idc.auto_wait()
continue
elif command == END:
logger.info("Received END...")
if not clean_the_mess():
break
if send_in_pipe(END) == IDA_ERROR:
break
idc.qexit(0)
return
elif len(cmnd) >= 2:
bbl = BBL(cmnd[1])
if command == TYPE:
logger.info("Received TYPE...")
res = bbl.get_branch_type()
elif command == DREFS:
logger.info("Received DREFS...")
res = bbl.get_data_refs()
elif command == CREFS:
logger.info("Received CREFS...")
res = bbl.get_code_refs()
elif command == VRET:
logger.info("Received VRET...")
res = bbl.is_nonvoid_ret()
elif command == FEND:
logger.info("Received FEND...")
res = bbl.func_bound()
elif command == FNAM:
logger.info("Received FNAM...")
res = bbl.func_name()
elif command == DOMIN:
logger.info("Received DOMIN...")
res = bbl.is_dominant(cmnd[2])
if send_in_pipe(command, res) == IDA_ERROR:
break
else:
break
idc.qexit(-1)
return
def decoder_entry(main_func):
"""
Main entry code that will trigger IDA script execution.
Decorate your main function like so:
@kordesii.script_entry
def main():
# ....
WARNING: The decorated function MUST be at the end of the module.
:param main_func: function to call
"""
try:
decoder_locals = inspect.stack(0)[1][0].f_locals
except TypeError:
return main_func
if decoder_locals.get("__name__") == "__main__":
if in_ida:
# Setup logging.
logutil.setup_logging()
# Run main()
idc.auto_wait()
try:
main_func()
except Exception as e:
# Catch all exceptions, otherwise we have to go fish it out of ida_log.txt
logger.exception(e)
finally:
# Clear out the serializer so we can run multiple decoders in the same idb.
# Must import here to avoid cyclic import.
# FIXME: A proper fix for the serializer should be put in place.
from kordesii import serialization
serialization._serializers = {}
# Exit if called from framework
if called_from_framework:
idc.qexit(0)
else:
sys.exit("Script must be called from IDA or kordesii.")
# TODO: We could possibly call run_ida() if outside.
return main_func
def log_pp_guids():
if not os.path.isfile(LOG_FILE) or not os.path.getsize(LOG_FILE):
print_log(get_table_line('Guid', 'Module', 'Service', 'Address'))
print_log(get_table_line('---', '---', '---', '---'))
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
analyser.get_protocols()
analyser.get_prot_names()
for protocol_record in analyser.Protocols['all']:
if (protocol_record['protocol_name'] == 'ProprietaryProtocol'):
guid = get_guid_str(protocol_record['guid'])
module = idaapi.get_root_filename()
service = protocol_record['service']
address = '{addr:#x}'.format(addr=protocol_record['address'])
print_log(get_table_line(guid, module, service, address))
idc.qexit(1)
def log_all():
data = dict()
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
module = idaapi.get_root_filename()
boot_services = get_boot_services(analyser)
protocols = get_protocols(analyser)
data["module_name"] = module
data["boot_services"] = boot_services
data["protocols"] = protocols
logs_dir = os.path.join(tempfile.gettempdir(), "uefi-retool-all-info")
if not os.path.isdir(logs_dir):
os.mkdir(logs_dir)
log_fname = f"{binascii.hexlify(ida_nalt.retrieve_input_file_md5()).decode()}.json"
log_fpath = os.path.join(logs_dir, log_fname)
with open(log_fpath, "w") as f:
json.dump(data, f, indent=2)
idc.qexit(0)
def log_pp_guids():
if os.path.isfile(LOG_FILE) == 0 or os.path.getsize(LOG_FILE) == 0:
print_log(get_table_line("Guid", "Module", "Service", "Address"))
print_log(get_table_line("---", "---", "---", "---"))
idc.auto_wait()
analyser = Analyser()
analyser.get_boot_services()
analyser.get_protocols()
analyser.get_prot_names()
for protocol_record in analyser.Protocols["All"]:
if (protocol_record["protocol_name"] == "ProprietaryProtocol"):
guid = str(map(hex, protocol_record["guid"]))
guid = guid.replace("L", "").replace("'", "")
module = idaapi.get_root_filename()
service = protocol_record["service"]
address = hex(protocol_record["address"])
address = address.replace("L", "")
print_log(get_table_line(guid, module, service, address))
idc.qexit(0)
def log_all():
idc.auto_wait()
analyser = Analyser()
analyser.get_boot_services()
print_log("## Module: " + idaapi.get_root_filename())
print_log("### Boot services:")
list_boot_services(analyser)
analyser.get_protocols()
analyser.get_prot_names()
data = analyser.Protocols["All"]
print_log("### Protocols:")
if (len(data) == 0):
print_log("* empty")
for element in data:
guid_str = "[guid] " + str(map(hex, element["guid"])).replace(
"L", "").replace("'", "")
print_log("* [{0}]".format(hex(element["address"]).replace("L", "")))
print_log("\t - [service] " + element["service"])
print_log("\t - [protocol_name] " + element["protocol_name"])
print_log("\t - [protocol_place] " + element["protocol_place"])
print_log("\t - " + guid_str)
idc.qexit(0)
def log_all():
data = {}
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
module = idaapi.get_root_filename()
boot_services = get_boot_services(analyser)
protocols = get_protocols(analyser)
data['module_name'] = module
data['boot_services'] = boot_services
data['protocols'] = protocols
logs_dir = os.path.join(tempfile.gettempdir(), 'uefi-retool-all-info')
if not os.path.isdir(logs_dir):
os.mkdir(logs_dir)
log_fname = os.path.join(
logs_dir, '{}.json'.format(
binascii.hexlify(ida_nalt.retrieve_input_file_md5()).decode()))
with open(log_fname, 'w') as f:
json.dump(data, f, indent=4)
idc.qexit(0)
def log_all():
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(0)
analyser.get_boot_services()
print_log("## Module: " + idaapi.get_root_filename())
print_log("### Boot services:")
list_boot_services(analyser)
analyser.get_protocols()
analyser.get_prot_names()
data = analyser.Protocols["All"]
print_log("### Protocols:")
if (len(data) == 0):
print_log("* empty")
for element in data:
guid_str = "[guid] " + utils.get_guid_str(element["guid"])
print_log("* [{0}]".format("{addr:#x}".format(addr=element["address"])))
print_log("\t - [service] " + element["service"])
print_log("\t - [protocol_name] " + element["protocol_name"])
print_log("\t - [protocol_place] " + element["protocol_place"])
print_log("\t - " + guid_str)
idc.qexit(0)
def log_all():
idc.auto_wait()
analyser = Analyser()
if not analyser.valid:
idc.qexit(-1)
analyser.get_boot_services()
print_log('## Module: ' + idaapi.get_root_filename())
print_log('### Boot services:')
list_boot_services(analyser)
analyser.get_protocols()
analyser.get_prot_names()
data = analyser.Protocols['all']
print_log('### Protocols:')
if not len(data):
print_log('* empty')
for element in data:
guid_str = '[guid] ' + get_guid_str(element['guid'])
print_log('* [{0}]'.format(
'{addr:#x}'.format(addr=element['address'])))
print_log('\t - [service] ' + element['service'])
print_log('\t - [protocol_name] ' + element['protocol_name'])
print_log('\t - [protocol_place] ' + element['protocol_place'])
print_log('\t - ' + guid_str)
idc.qexit(1)
def main():
try:
# e.g. /path/to/asadbg/asadb.json
dbname = os.environ["ASADBG_DB"]
except:
logmsg("You need to define ASADBG_DB first")
sys.exit()
if ida_helper.get_idb_name() == "lina":
logmsg("Hunting lina...")
main_lina(dbname)
elif ida_helper.get_idb_name() == "lina_monitor":
logmsg("Hunting lina_monitor...")
main_lina_monitor(dbname)
elif ida_helper.get_idb_name() == "libc.so":
logmsg("Hunting libc...")
main_libc(dbname)
else:
logmsg("ERROR: Unsupported filename")
# This allows us to cleanly exit IDA upon completion
if "DO_EXIT" in os.environ:
# XXX - Was Exit(1)
idc.qexit(1)
import idc
import idautils
functions = idautils.Functions()
f = open(idc.ARGV[1], 'a') if len(idc.ARGV) > 1 else sys.stdout
log = f.write
# log current file path
log(idc.get_input_file_path() + '\n')
# wait for auto-analysis to complete
idc.auto_wait()
for f in functions:
log(idc.get_func_name(f) + "\n")
print idc.get_func_name(f)
idc.qexit(4)
for each in addr_to_fix:
tmp1.write(str(each[0])+','+str(each[1]))
tmp1.write('\n')
tmp1.close()
'''
section_data = ''
offsets = []
for index in range(len(ori_op)):
offsets.append(len(section_data))
section_data += build_section_data(args0[index], args1[index],
args2[index])
# add dispatch function
len_funs = len(section_data)
section_data = add_dispatch_function(ori_address, offsets) + section_data
section_file = open(INPUT_PE + '_newSectionData', 'wb')
section_file.write(section_data)
section_file.close()
section_size = len(section_data)
insert_section(len(section_data), section_data, len_funs)
#print opcode_all
if __name__ == "__main__":
idaapi.autoWait()
create_pe()
if "DO_EXIT" in os.environ:
idc.qexit(1)
import idc
import idaapi
import binascii
idc.set_inf_attr(INF_AF, idc.get_inf_attr(INF_AF) | AF_DODATA)
print("Waiting for the end of the auto analysis...")
idc.auto_wait()
print("Autoanalysis done!")
dumped_netnode_value = 'ca75b28848ea06bcae409699fa2510a03bbaf43bd167eecb17d52918187133a793ebf8d3270230c7164d7a79b53c2c3edd611ede975690784cf2c254abe8b587140d19a3f46b2be109bde1da1b7ed4d7c9f7b58135f2c296db4e86ad29b6f0b999b5599d40c3bae8b29d2cc06ecef63cba0e1b9a9505c1efe9019a7020127e100000000000000000000000000000000000000000000000000000000000000000'
idaapi.netnode('$ user1', 0,
False).kill() # deleting netnode with plain text info
idaapi.netnode('$ original user', 0,
False).supset(0, binascii.unhexlify(dumped_netnode_value))
idc.qexit(0)
from __future__ import print_function
import os
import sys
import shutil
from glob import glob
try:
import epydoc.apidoc
import epydoc.cli
except ImportError as e:
import idc
import traceback
idc.msg("Couldn't import module %s\n" % traceback.format_exc())
idc.qexit(-1)
# --------------------------------------------------------------------------
DOC_DIR = 'hr-html'
# --------------------------------------------------------------------------
def log(msg):
#print msg
pass
def add_header(lines):
S1 = 'href="epydoc.css"'
p = lines.find(S1)
if p < 0:
return None
p = lines.find('\n', p)
from __future__ import print_function
import os
import sys
import shutil
from glob import glob
try:
import epydoc.apidoc
import epydoc.cli
except ImportError as e:
import idc
import traceback
idc.msg("Couldn't import module %s\n" % traceback.format_exc())
idc.qexit(-1)
# --------------------------------------------------------------------------
DOC_DIR = 'hr-html'
# --------------------------------------------------------------------------
def log(msg):
#print msg
pass
def add_header(lines):
S1 = 'href="epydoc.css"'
p = lines.find(S1)
if p < 0:
return None
p = lines.find('\n', p)
if p < 0:
return None
"""
Stub used to run tests within IDA.
"""
import pytest
import kordesii
if __name__ == "__main__" and kordesii.in_ida:
import idc
idc.auto_wait()
print(idc.get_input_file_path())
print(idc.ARGV)
args = idc.ARGV[1:]
print("Running: pytest {}".format(" ".join(args)))
idc.qexit(pytest.main(args))
def analyse_and_exit():
idc.auto_wait()
idc.qexit(0)
def cmd_exit_ida(self, c):
idaapi.msg("IdaRemote exiting IDA\n")
idc.qexit(int(c, 0))
return "bye" # not reached?
